var-201208-0202
Vulnerability from variot
Opera before 12.01 on Windows and UNIX, and before 11.66 and 12.x before 12.01 on Mac OS X, ignores some characters in HTML documents in unspecified circumstances, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted document. Opera Web Browser is prone to a HTML-injection vulnerability because it fails to properly sanitize user-supplied input. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible. Opera Web Browser versions prior to 12.01 and 11.66 are vulnerable. It supports multi-window browsing and a customizable user interface. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201209-11
http://security.gentoo.org/
Severity: Normal Title: Opera: Multiple vulnerabilities Date: September 25, 2012 Bugs: #429478, #434584 ID: 201209-11
Synopsis
Multiple vulnerabilities have been found in Opera, the worst of which may allow remote execution of arbitrary code.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-client/opera < 12.01.1532 >= 12.01.1532
Description
Multiple vulnerabilities have been discovered in Opera. Please review the CVE identifiers and Opera Release Notes referenced below for details.
Impact
A remote attacker could entice a user to open a specially crafted web page using Opera, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition.
Workaround
There is no known workaround at this time.
Resolution
All Opera users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-client/opera-12.01.1532"
References
[ 1 ] CVE-2012-4010 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4010 [ 2 ] CVE-2012-4142 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4142 [ 3 ] CVE-2012-4143 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4143 [ 4 ] CVE-2012-4144 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4144 [ 5 ] CVE-2012-4145 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4145 [ 6 ] CVE-2012-4146 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4146 [ 7 ] Opera 12.01 for UNIX changelog http://www.opera.com/docs/changelogs/unix/1201/
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201209-11.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2012 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201208-0202",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "browser",
"scope": "eq",
"trust": 1.6,
"vendor": "opera",
"version": "10.63"
},
{
"model": "browser",
"scope": "eq",
"trust": 1.6,
"vendor": "opera",
"version": "10.61"
},
{
"model": "browser",
"scope": "eq",
"trust": 1.6,
"vendor": "opera",
"version": "10.00"
},
{
"model": "browser",
"scope": "eq",
"trust": 1.6,
"vendor": "opera",
"version": "10.62"
},
{
"model": "browser",
"scope": "eq",
"trust": 1.6,
"vendor": "opera",
"version": "12.00"
},
{
"model": "browser",
"scope": "eq",
"trust": 1.6,
"vendor": "opera",
"version": "10.60"
},
{
"model": "browser",
"scope": "eq",
"trust": 1.6,
"vendor": "opera",
"version": "10.53"
},
{
"model": "browser",
"scope": "eq",
"trust": 1.0,
"vendor": "opera",
"version": "10.51"
},
{
"model": "browser",
"scope": "eq",
"trust": 1.0,
"vendor": "opera",
"version": "11.61"
},
{
"model": "browser",
"scope": "eq",
"trust": 1.0,
"vendor": "opera",
"version": "11.10"
},
{
"model": "browser",
"scope": "eq",
"trust": 1.0,
"vendor": "opera",
"version": "11.52"
},
{
"model": "browser",
"scope": "eq",
"trust": 1.0,
"vendor": "opera",
"version": "11.11"
},
{
"model": "browser",
"scope": "eq",
"trust": 1.0,
"vendor": "opera",
"version": "11.64"
},
{
"model": "browser",
"scope": "eq",
"trust": 1.0,
"vendor": "opera",
"version": "11.50"
},
{
"model": "browser",
"scope": "eq",
"trust": 1.0,
"vendor": "opera",
"version": "10.54"
},
{
"model": "browser",
"scope": "lte",
"trust": 1.0,
"vendor": "opera",
"version": "11.65"
},
{
"model": "browser",
"scope": "lte",
"trust": 1.0,
"vendor": "opera",
"version": "12.00"
},
{
"model": "browser",
"scope": "eq",
"trust": 1.0,
"vendor": "opera",
"version": "10.11"
},
{
"model": "browser",
"scope": "eq",
"trust": 1.0,
"vendor": "opera",
"version": "11.00"
},
{
"model": "browser",
"scope": "eq",
"trust": 1.0,
"vendor": "opera",
"version": "11.52.1100"
},
{
"model": "browser",
"scope": "eq",
"trust": 1.0,
"vendor": "opera",
"version": "11.60"
},
{
"model": "browser",
"scope": "eq",
"trust": 1.0,
"vendor": "opera",
"version": "10.50"
},
{
"model": "browser",
"scope": "eq",
"trust": 1.0,
"vendor": "opera",
"version": "11.01"
},
{
"model": "browser",
"scope": "eq",
"trust": 1.0,
"vendor": "opera",
"version": "11.51"
},
{
"model": "browser",
"scope": "eq",
"trust": 1.0,
"vendor": "opera",
"version": "10.01"
},
{
"model": "browser",
"scope": "eq",
"trust": 1.0,
"vendor": "opera",
"version": "10.52"
},
{
"model": "browser",
"scope": "eq",
"trust": 1.0,
"vendor": "opera",
"version": "11.62"
},
{
"model": "browser",
"scope": "eq",
"trust": 1.0,
"vendor": "opera",
"version": "10.10"
},
{
"model": "opera",
"scope": "lt",
"trust": 0.8,
"vendor": "opera asa",
"version": "12. x"
},
{
"model": "opera",
"scope": "eq",
"trust": 0.8,
"vendor": "opera asa",
"version": "12.01"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "12.1"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11.4"
},
{
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "11.64"
},
{
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "11.62"
},
{
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "11.61"
},
{
"model": "software opera web browser",
"scope": "eq",
"trust": 0.3,
"vendor": "opera",
"version": "11.60"
},
{
"model": "linux",
"scope": null,
"trust": 0.3,
"vendor": "gentoo",
"version": null
}
],
"sources": [
{
"db": "BID",
"id": "54779"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-003478"
},
{
"db": "NVD",
"id": "CVE-2012-4142"
},
{
"db": "CNNVD",
"id": "CNNVD-201208-020"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:opera:opera_browser:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "12.00",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:opera:opera_browser:12.00:beta:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:opera:opera_browser:11.52.1100:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:opera:opera_browser:11.52:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:opera:opera_browser:11.51:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:opera:opera_browser:11.50:beta:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:opera:opera_browser:11.50:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:opera:opera_browser:10.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:opera:opera_browser:10.52:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:opera:opera_browser:10.53:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:opera:opera_browser:10.54:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:opera:opera_browser:10.53:b:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:opera:opera_browser:12.00:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:opera:opera_browser:12.00:beta:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:opera:opera_browser:11.62:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:opera:opera_browser:11.60:beta:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:opera:opera_browser:11.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:opera:opera_browser:11.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:opera:opera_browser:10.53:beta1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:opera:opera_browser:10.01:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:opera:opera_browser:10.50:beta1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:opera:opera_browser:10.51:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:opera:opera_browser:10.61:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:opera:opera_browser:10.63:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:opera:opera_browser:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "11.65",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:opera:opera_browser:11.64:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:opera:opera_browser:11.00:beta:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:opera:opera_browser:11.01:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:opera:opera_browser:10.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:opera:opera_browser:10.52:beta2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:opera:opera_browser:10.00:beta3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:opera:opera_browser:10.10:beta1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:opera:opera_browser:10.00:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:opera:opera_browser:10.00:beta2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:opera:opera_browser:10.00:beta1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:opera:opera_browser:11.61:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:opera:opera_browser:11.60:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:opera:opera_browser:11.10:beta:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:opera:opera_browser:11.00:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:opera:opera_browser:10.50:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:opera:opera_browser:10.52:beta1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:opera:opera_browser:10.60:beta1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:opera:opera_browser:10.50:beta2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:opera:opera_browser:10.60:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:opera:opera_browser:10.62:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2012-4142"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Reported by vendor.",
"sources": [
{
"db": "BID",
"id": "54779"
}
],
"trust": 0.3
},
"cve": "CVE-2012-4142",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2012-4142",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-57423",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2012-4142",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201208-020",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-57423",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-57423"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-003478"
},
{
"db": "NVD",
"id": "CVE-2012-4142"
},
{
"db": "CNNVD",
"id": "CNNVD-201208-020"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Opera before 12.01 on Windows and UNIX, and before 11.66 and 12.x before 12.01 on Mac OS X, ignores some characters in HTML documents in unspecified circumstances, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted document. Opera Web Browser is prone to a HTML-injection vulnerability because it fails to properly sanitize user-supplied input. \nSuccessful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible. \nOpera Web Browser versions prior to 12.01 and 11.66 are vulnerable. It supports multi-window browsing and a customizable user interface. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201209-11\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: Opera: Multiple vulnerabilities\n Date: September 25, 2012\n Bugs: #429478, #434584\n ID: 201209-11\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in Opera, the worst of which\nmay allow remote execution of arbitrary code. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 www-client/opera \u003c 12.01.1532 \u003e= 12.01.1532\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in Opera. Please review\nthe CVE identifiers and Opera Release Notes referenced below for\ndetails. \n\nImpact\n======\n\nA remote attacker could entice a user to open a specially crafted web\npage using Opera, possibly resulting in execution of arbitrary code\nwith the privileges of the process or a Denial of Service condition. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Opera users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-client/opera-12.01.1532\"\n\nReferences\n==========\n\n[ 1 ] CVE-2012-4010\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4010\n[ 2 ] CVE-2012-4142\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4142\n[ 3 ] CVE-2012-4143\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4143\n[ 4 ] CVE-2012-4144\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4144\n[ 5 ] CVE-2012-4145\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4145\n[ 6 ] CVE-2012-4146\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4146\n[ 7 ] Opera 12.01 for UNIX changelog\n http://www.opera.com/docs/changelogs/unix/1201/\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201209-11.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2012 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2012-4142"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-003478"
},
{
"db": "BID",
"id": "54779"
},
{
"db": "VULHUB",
"id": "VHN-57423"
},
{
"db": "PACKETSTORM",
"id": "116866"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2012-4142",
"trust": 2.9
},
{
"db": "BID",
"id": "54779",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2012-003478",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201208-020",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-201207-654",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-57423",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "116866",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-57423"
},
{
"db": "BID",
"id": "54779"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-003478"
},
{
"db": "PACKETSTORM",
"id": "116866"
},
{
"db": "NVD",
"id": "CVE-2012-4142"
},
{
"db": "CNNVD",
"id": "CNNVD-201207-654"
},
{
"db": "CNNVD",
"id": "CNNVD-201208-020"
}
]
},
"id": "VAR-201208-0202",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-57423"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:09:49.184000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Opera 12.01 for Windows changelog",
"trust": 0.8,
"url": "http://www.opera.com/docs/changelogs/windows/1201/"
},
{
"title": "Opera 12.01 for UNIX changelog",
"trust": 0.8,
"url": "http://www.opera.com/docs/changelogs/unix/1201/"
},
{
"title": "Opera 12.01 for Mac changelog",
"trust": 0.8,
"url": "http://www.opera.com/docs/changelogs/mac/1201/"
},
{
"title": "Opera 11.66 for Mac changelog",
"trust": 0.8,
"url": "http://www.opera.com/docs/changelogs/mac/1166/"
},
{
"title": "Advisory: Certain characters in HTML can incorrectly be ignored, which can facilitate XSS attacks",
"trust": 0.8,
"url": "http://www.opera.com/support/kb/view/1026/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-003478"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-57423"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-003478"
},
{
"db": "NVD",
"id": "CVE-2012-4142"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "http://www.opera.com/docs/changelogs/unix/1201/"
},
{
"trust": 1.7,
"url": "http://www.opera.com/docs/changelogs/mac/1166/"
},
{
"trust": 1.7,
"url": "http://www.opera.com/docs/changelogs/mac/1201/"
},
{
"trust": 1.7,
"url": "http://www.opera.com/docs/changelogs/windows/1201/"
},
{
"trust": 1.7,
"url": "http://www.opera.com/support/kb/view/1026/"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-4142"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-4142"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/54779"
},
{
"trust": 0.3,
"url": "http://www.opera.com/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-4143"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-4146"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-4145"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-4144"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/glsa/glsa-201209-11.xml"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4142"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-4010"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-4142"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4145"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4010"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4144"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4143"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4146"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-57423"
},
{
"db": "BID",
"id": "54779"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-003478"
},
{
"db": "PACKETSTORM",
"id": "116866"
},
{
"db": "NVD",
"id": "CVE-2012-4142"
},
{
"db": "CNNVD",
"id": "CNNVD-201207-654"
},
{
"db": "CNNVD",
"id": "CNNVD-201208-020"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-57423"
},
{
"db": "BID",
"id": "54779"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-003478"
},
{
"db": "PACKETSTORM",
"id": "116866"
},
{
"db": "NVD",
"id": "CVE-2012-4142"
},
{
"db": "CNNVD",
"id": "CNNVD-201207-654"
},
{
"db": "CNNVD",
"id": "CNNVD-201208-020"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-08-06T00:00:00",
"db": "VULHUB",
"id": "VHN-57423"
},
{
"date": "2012-08-02T00:00:00",
"db": "BID",
"id": "54779"
},
{
"date": "2012-08-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-003478"
},
{
"date": "2012-09-26T02:47:06",
"db": "PACKETSTORM",
"id": "116866"
},
{
"date": "2012-08-06T16:55:06.977000",
"db": "NVD",
"id": "CVE-2012-4142"
},
{
"date": "2012-08-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201207-654"
},
{
"date": "2012-08-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201208-020"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-08-07T00:00:00",
"db": "VULHUB",
"id": "VHN-57423"
},
{
"date": "2012-09-25T23:10:00",
"db": "BID",
"id": "54779"
},
{
"date": "2012-08-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-003478"
},
{
"date": "2012-08-07T04:00:00",
"db": "NVD",
"id": "CVE-2012-4142"
},
{
"date": "2012-08-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201207-654"
},
{
"date": "2012-08-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201208-020"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "116866"
},
{
"db": "CNNVD",
"id": "CNNVD-201207-654"
},
{
"db": "CNNVD",
"id": "CNNVD-201208-020"
}
],
"trust": 1.3
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Opera Web Browser HTML Injection Vulnerability",
"sources": [
{
"db": "BID",
"id": "54779"
},
{
"db": "CNNVD",
"id": "CNNVD-201207-654"
}
],
"trust": 0.9
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201208-020"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.